As more SMEs go digital, they also face the rising threat of cyberattacks. But many are ill-prepared or unaware of the risks.

All it took were several clicks - that was enough for malicious malware to compromise the personal data of 2,400 Ministry of Defence and Singapore Armed Forces personnel through email phishing.

With cybersecurity attacks costing Singapore-based organisations some S$1.7 million per breach, according to a 2020 McAfee report, they make up a potentially very costly affair. While it is not only about fines that companies have to be worried about, the damages and ramifications could be even more severe if sensitive data such as your customers' credit card details fall into the wrong hands. These attacks can leave a huge blow to the organisation's reputation and consequently, its ability to do business in the future.

Singapore's Cyber Security Agency reported an increase in cyber threats last year, such as ransomware and online scams, with its team handling over 9,000 cases - nearly double from the 4,977 cases in 2018.

Despite the belief among many business leaders that larger organisations are more likely to be at risk of being attacked, 40% of cyberattacks are actually targeted at Small and Medium-sized Enterprises (SMEs). Their limited resources and defences make them more vulnerable to common attack vectors such as phishing and ransomware.

Here are five ways SMEs can protect their business against cyber threats:

1. Get insured as the first line of defence

We know how important personal insurance is. The same needs to be done for your business.

Often falling under the radar, cyber-liability insurance helps protect organisations from the fallout from cyberattacks and hacking threats. This often includes first-party protection for the loss of income following a cyberattack, payments made to resolve cyber extortion threats, as well as third-party protection against damages, legal defence costs, and fines.

A comprehensive cyber insurance policy such as the Etiqa SME Cyber Insurance can help businesses recover financial losses and pay for recovery steps in the event of cyber fraud, cyber extortion, or identity theft. It's about mitigating your losses and staying resilient.

Not just limited to businesses, cyber insurance like Etiqa Personal Cyber Insurance can help cover individuals and their families in the event of a cyberattack too. This is especially as more individuals transact online, making anyone susceptible to cyber fraud and extortion such as stolen credit card details and ransomware attacks.


2. Train your staff in best cybersecurity practices

The weakest link of the cybersecurity chain is often the human - us. This could manifest through clicks on phishing emails, or simply poor cyber hygiene practices such as setting easy-to-guess passwords or selling away a laptop without wiping the hard drive clean.

What companies can do is to educate employees on the use of strong passwords and protecting them from disclosure (especially when working remotely), as well as identifying suspicious activities.


3. Keep your systems and software updated

An outdated computer system could have many vulnerabilities, which can be waiting opportunities for cyber criminals.

Even a nondescript network printer that is sitting at the corner of your office could be an entry point for attackers. More recently, network-attached hard drives that could contain valuable data have been irreversibly wiped remotely by hackers.

Always secure your systems by patching up your computer and network devices and installing endpoint antivirus software as needed to keep malware at bay.


4. Secure your wired and wireless networks

Unsecured networks or networks with easy-to-decode standardised numerical security keys can be breached in seconds. An attacker who manages to get into your office network is as good as being right in your home.

Secure the entry points into your office's computer network to keep your data safe from hackers and ransomware attacks. Other than implementing strong passwords, you can also create a whitelist that allows only authorised computers to connect to the network.


5. Encrypt and back up your data

Ransomware attacks like 'WannaCry' - a powerful ransomware that hit organisations globally back in 2017, including government systems and hospitals - have brought many big companies to their knees as their data was held hostage.

Make constant offline and online backups of your data and secure them with a strong AES-encrypted (AES as short for "Advanced Encryption Standard", a fast and secure form of encryption that is approved by the US National Security Agency) password which includes upper and lower-case alphanumerical letters and symbols. Theoretically, these passwords could take billions of years to decode by brute-force attacks. 

the bottom line:

When a cyberattack hits, it's already too late. Protect your business by taking proactive steps and putting in place a comprehensive insurance or recovery plan.

recommended reads